Phil Hunt's review of the Dynamic Registration specification has raised
a couple of issues that I felt were getting buried by the larger
discussion (which I still strongly encourage others to jump in to).
Namely, Phil has suggested a couple of syntax changes to the names of
several parameters.
1) expires_at -> client_secret_expires_at
2) issued_at -> client_id_issued_at
3) token_endpoint_auth_method -> token_endpoint_client_auth_method
I'd like to get a feeling, *especially from developers* who have
deployed this draft spec, what we ought to do for each of these:
A) Keep the parameter names as-is
B) Adopt the new names as above
C) Adopt a new name that I will specify
In all cases, clarifying text will be added to the parameter
*definitions* so that it's more clear to people reading the spec what
each piece does. Speaking as the editor: "A" is the default as far as
I'm concerned, since we shouldn't change syntax without very good reason
to do so. That said, if it's going to be better for developers with the
new parameter names, I am open to fixing them now.
Naming things is hard.
-- Justin
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
